CVE-2022-50696— SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Hardcoded Credentials Authentication Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-50696
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Hardcoded Credentials Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
SOUND4多款产品 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SOUND4 IMPACT等都是法国SOUND4公司的产品。SOUND4 IMPACT是一款专业广播音频处理器。SOUND4 FIRST是一款广播用的音频处理器。SOUND4 PULSE是一款音频处理器。 SOUND4多款产品存在信任管理问题漏洞,该漏洞源于服务器二进制文件中嵌入了硬编码凭证,可能导致未经授权的设备访问。以下产品受到影响:SOUND4 IMPACT、SOUND4 FIRST和SOUND4 PULSE。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SOUND4 Ltd. | Impact/Pulse/First | Version 2: 1.1/2.15 | - | |
| SOUND4 Ltd. | Impact/Pulse Eco | 1.16 | - | |
| SOUND4 Ltd. | BigVoice4 | 1.2 | - | |
| SOUND4 Ltd. | BigVoice2 | 1.30 | - | |
| SOUND4 Ltd. | Stream | 1.1/2.4.29 | - | |
| Kantar Media | WM2 | 1.11 | - |
II. Public POCs for CVE-2022-50696
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-50696
请登录查看更多情报信息。
Same Patch Batch · SOUND4 Ltd. · 2025-12-30 · 14 CVEs total
| CVE-2022-50694 | 9.8 CRITICAL | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x SQL Injection via Username Parameter |
| CVE-2022-50796 | 9.8 CRITICAL | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote Code Execution via upload.cgi |
| CVE-2022-50794 | 9.8 CRITICAL | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username |
| CVE-2022-50793 | 8.8 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.p |
| CVE-2022-50795 | 7.8 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via traceroute.php |
| CVE-2022-50789 | 7.8 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via dns.php |
| CVE-2022-50791 | 7.8 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php |
| CVE-2022-50692 | 7.5 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session Expiration Vulnerability |
| CVE-2022-50790 | 7.5 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure |
| CVE-2022-50695 | 7.5 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands |
| CVE-2022-50792 | 7.5 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability |
| CVE-2022-50788 | 7.5 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory |
| CVE-2022-50787 | 7.2 HIGH | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting |
IV. Related Vulnerabilities
Same product: Impact/Pulse/First
- CVE-2022-50796
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote C - CVE-2022-50794
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command - CVE-2022-50795
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Inje - CVE-2022-50793
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command In - CVE-2022-50792
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Dis
Same vendor: SOUND4 Ltd.
- CVE-2022-50796
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote C - CVE-2022-50794
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command - CVE-2022-50795
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Inje - CVE-2022-50793
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command In - CVE-2022-50792
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Dis
Same weakness: CWE-798
- CVE-2026-7414
Hardcoded credentials in Yarbo robot firmware - CVE-2026-8032
PicoTronica e-Clinic Healthcare System ECHS echs.js hard-cod - CVE-2026-32834
Easy PayPal Events & Tickets 1.3 Authentication Bypass via Q - CVE-2026-42376
D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials - CVE-2026-42375
D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
V. Comments for CVE-2022-50696
No comments yet